[H-GEN] How safe is SSH on the internet?
Christopher Biggs
listjunkie at pobox.com
Mon Jun 30 06:13:23 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Jason Parker-Burlingham <jasonp at panix.com> moved upon the face of the 'Net and spake thusly:
>> I was thinking of the arrangement where the server gives you a
>> challenge, which you type into a little keyring widget (or a program
>> in your palmtop, laptop or trusted desktop box) along with your
>> master password and it spits back a one-time password for you to
>> use.
>
> Curious. I'd never heard of or encountered that variant before.
RFC1938. It's an evolution of the original Bellcore S/KEY system.
Here's a free PalmOS s/key calculator that generates responses when
challenge information is entered.
http://astro.uchicago.edu/home/web/valdes/pilot/pilOTP/
I'm pretty rusty on this stuff, but IIRC s/key password lists are
basically the result of repeatedly applying MD5 (or some other one-way
hash) to a secret which you share with the authenticator.
The system starts by asking you "what's the 100th iteration of MD5 on
your secret?" Only somebody who knows your secret can know that.
Next time it asks you "what's the 99th iteration". Now someone who
shoulder-surfed last time will know the 100th iteration, but that
doesn't get them anything useful---they can trivially find the 101st
etcetera, but finding the 99th and earlier values is intractable due
to the one-way nature of cryptographic hash algorithms. So in this
case Bob is prompting Alice, "tell me the result of applying my
challenge ('99') to your secret".
The "list of one-time passwords which you use once then cross out" is
the simple paper-based version. Computer-aided versions can be more
complicated (allowing you more than 100 logins before changing
password), but the complexity is all in the "response calculator",
into which you just need to enter your original secret and the
"challenge" (which is analogous to the '99' above, but probably is
longer and may contain 'salt' to aid in longevity of your master
secret).
--cjb
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
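The hash-chain scheme described in the post, as an added example that is not from the post or from RFC 1938's reference code: a server that stores only the last accepted value and the current count, a client "response calculator" that iterates the hash, and a check that a captured response is rejected on replay. It uses unfolded SHA-256 for simplicity (an assumption; RFC 1938 folds MD4/MD5/SHA-1 output to 64 bits), and the secret, seed and count are constructed sample values.

```python
import hashlib


def hash_chain(secret: bytes, seed: bytes, n: int) -> bytes:
    """Apply the one-way hash n times to seed+secret: the 'n-th iteration
    of the hash on your secret' from the post. Only someone holding the
    secret can compute this for an arbitrary n."""
    value = seed + secret
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class OtpServer:
    """Bob's side. Holds the seed, the sequence number n of the last
    accepted response and that response itself; the secret is never stored."""

    def __init__(self, seed: bytes, n: int, last_otp: bytes):
        self.seed, self.n, self.last_otp = seed, n, last_otp

    def challenge(self) -> tuple[int, bytes]:
        """The challenge sent to Alice: 'give me iteration n-1' plus the seed."""
        return self.n - 1, self.seed

    def verify(self, response: bytes) -> bool:
        """Hashing the response once must reproduce the stored value."""
        if self.n <= 1:
            return False  # chain exhausted; re-initialise with a fresh seed/count
        if hashlib.sha256(response).digest() != self.last_otp:
            return False
        self.n -= 1
        self.last_otp = response  # a replay of this same response now fails
        return True


def demo() -> tuple[bool, bool, bool, bool]:
    secret = b"correct horse"  # constructed sample master secret (Alice only)
    seed = b"ex01"             # constructed seed, public
    # Enrolment: Alice computes iteration 100 once and registers it.
    server = OtpServer(seed, 100, hash_chain(secret, seed, 100))
    n, s = server.challenge()                  # n == 99
    otp99 = hash_chain(secret, s, n)           # Alice's response calculator
    first = server.verify(otp99)               # accepted
    replay = server.verify(otp99)              # shoulder-surfed copy: rejected
    # Anyone who saw otp99 can only move forward along the chain (to 100);
    # reaching 98 would require inverting the hash.
    forward = hashlib.sha256(otp99).digest() == hash_chain(secret, seed, 100)
    n2, s2 = server.challenge()                # n2 == 98
    second = server.verify(hash_chain(secret, s2, n2))
    return first, replay, forward, second
```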